Information from istyle Inc.
Vulnerability ID:JVN#81570776
Title:"@cosme" App fails to restrict custom URL schemes properly
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
There is a vulnerability due to insufficient access restrictions in the smartphone application "@cosme". We have released versions with countermeasures on the App Store and Google Play Store. For your safety, please update to the latest version.
■Affected products and versions
Android app "@cosme" versions prior to 5.69.0
iOS app "@cosme" versions prior to 6.74.0
■ Potential impact
If the vulnerability is exploited, users may be directed to access arbitrary websites through the product. As a result, there is a possibility of falling victim to phishing and other attacks.
■Countermeasure
Update to the latest version
